Remote Code Inclusion Vulnerability in ActADUR by ProTNS
CVE-2025-3621

9.4CRITICAL

Key Information:

Vendor: Protns
Status: Actadur
Vendor: CVE Published:; 15 July 2025

What is CVE-2025-3621?

The ActADUR local server product from ProTNS is subject to multiple vulnerabilities, including Remote Code Inclusion due to improper neutralization of special command elements. Additionally, issues such as the use of hard-coded credentials and improper authentication further compound the security risks. Users are advised to update their installations to version 2.0.2.0 or newer to mitigate these vulnerabilities, especially as the software binds to an unrestricted IP address, exposing systems to additional threats.

Affected Version(s)

ActADUR Windows v2.0.1.9

References

https://www.protns.com/53

CVSS V4

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

oriax(박기택, Park Kitaek)